-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 24 Aug 2025 18:37:35 +0200
Source: unbound
Binary: libunbound-dev libunbound8 libunbound8-dbgsym python3-unbound python3-unbound-dbgsym unbound unbound-anchor unbound-anchor-dbgsym unbound-dbgsym unbound-host unbound-host-dbgsym
Architecture: arm64
Version: 1.17.1-2+deb12u3
Distribution: bookworm-security
Urgency: high
Maintainer: arm Build Daemon (arm-conova-03)
Changed-By: Guilhem Moulin
Description:
 libunbound-dev - static library, header files, and docs for libunbound
 libunbound8 - library implementing DNS resolution and validation
 python3-unbound - library implementing DNS resolution and validation (Python3 bindi
 unbound - validating, recursive, caching DNS resolver
 unbound-anchor - utility to securely fetch the root DNS trust anchor
 unbound-host - reimplementation of the 'host' command
Closes: 1078647 1083282 1109427
Changes:
 unbound (1.17.1-2+deb12u3) bookworm-security; urgency=high
 .
   * Non-maintainer upload.
   * Fix CVE-2024-8508: Denial of service vulnerability when processing
     malicious upstreams responses with very large RRsets.
     (Closes: #1083282)
   * Fix CVE-2024-33655: The DNSBomb attack, via specially timed DNS queries
     and answers, can cause a Denial of Service on resolvers and spoofed
     targets. Unbound itself is not vulnerable for DoS, but it can be used to
     take part in a pulsing DoS amplification attack.
   * Fix CVE-2025-5994: Resolvers supporting ECS need to segregate outgoing
     queries to accommodate for different outgoing ECS information. This
     re-opens up resolvers to a birthday paradox attack (Rebirthday Attack)
     that tries to match the DNS transaction ID in order to cache non-ECS
     poisonous replies. (Closes: #1109427)
   * Fix CVE-2024-43167: NULL pointer dereference flaw was found in the
     ub_ctx_set_fwd(). (Closes: #1078647)
   * Fix CVE-2024-43168: Heap-buffer overflow in the cfg_mark_ports().
   * Add upstream patch to update IP addresses for b.root-servers.net in root
     hints.